From owner-freebsd-security Fri Dec 21 11:57:27 2001 Delivered-To: freebsd-security@freebsd.org Received: from chaos.evolve.za.net (chaos.evolve.za.net [196.34.172.107]) by hub.freebsd.org (Postfix) with ESMTP id 2EED337B417 for ; Fri, 21 Dec 2001 11:57:13 -0800 (PST) Received: from DAVE ([192.168.0.56]) by chaos.evolve.za.net (8.11.6/1.1.3) with SMTP id fBLJuft21686; Fri, 21 Dec 2001 21:56:47 +0200 (SAST) (envelope-from dave@kill-9.za.net) Message-ID: <002f01c18a59$50806a00$3800a8c0@DAVE> From: "Dave Raven" To: "Igor Roshchin" , References: <200112211810.fBLIAXu71521@giganda.komkon.org> Subject: Re: sshd logging Date: Fri, 21 Dec 2001 21:54:26 +0200 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2600.0000 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org your defauls (/etc/ssh/) sshd_config file will have this: LogLevel INFO change that to LogLevel DEBUG and your set. ----- Original Message ----- From: "Igor Roshchin" To: Sent: Friday, December 21, 2001 8:10 PM Subject: sshd logging > > Hello! > > > I am somewhat confused about sshd writing messages to the syslog. > On 3.x systems with the sshd installed from ports > (e.g. sshd version 1.2.27 [i386--freebsd3.5.1] ), > I have much more verbose logging, then on 4.x systems with the > "core" openssh (e.g. sshd version OpenSSH_2.3.0 ). > > As an example, here is the excerpts from logs on the same type of > event for 3.x and 4.x systems: > > 3.x and sshd 1.2.27: > > Dec 21 11:05:36 host3.x sshd[7623]: connect from 210.97.143.20 > Dec 21 11:05:36 host3.x sshd[7623]: log: Connection from 210.97.143.20 port 1257 > Dec 21 11:05:36 host3.x sshd[7623]: log: Could not reverse map address 210.97.143.20. > Dec 21 11:05:36 host3.x sshd[7624]: connect from 210.97.143.20 > Dec 21 11:05:36 host3.x sshd[7624]: log: Connection from 210.97.143.20 port 1253 > Dec 21 11:05:36 astra sshd[7624]: log: Could not reverse map address 210.97.143.20. > Dec 21 11:05:36 astra sshd[7623]: fatal: Local: Your ssh version is too old and is no longer supported. Please install a newer version. > Dec 21 11:05:36 astra sshd[7624]: fatal: Local: Your ssh version is too old and is no longer supported. Please install a newer version. > > > 4.x and OpenSSH_2.3.0: > > Dec 21 11:05:26 host4.x sshd[67562]: Disconnecting: Your ssh version is too old and is no longer supported. Please install a newer version. > Dec 21 11:05:39 host4.x sshd[67565]: Disconnecting: Your ssh version is too old and is no longer supported. Please install a newer version. > > > I see that the priority of the messages changed between the versions. > However, even enabling "auth.*" logging does not show the "connect from .." > messages. > In both cases sshd is run as a standalone daemon. > > Any ideas/sugggestions as for how to enable this logging in OpenSSH ? > (Am I just overlooking something obvious ?) > > Thanks, > > Igor > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message